Skip to content

[Snyk] Upgrade @nuxt/ui from 2.22.0 to 3.1.2 #158

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

[Snyk] Upgrade @nuxt/ui from 2.22.0 to 3.1.2 #158

wants to merge 1 commit into from

Conversation

nerdy-tech-com-gitub
Copy link
Owner

@nerdy-tech-com-gitub nerdy-tech-com-gitub commented Jun 10, 2025
edited by sourcery-ai bot
Loading

snyk-top-banner

Snyk has created this PR to upgrade @nuxt/ui from 2.22.0 to 3.1.2.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

  • The recommended version is 24 versions ahead of your current version.

  • The recommended version was released a month ago.

Issues fixed by the recommended upgrade:

Issue Score Exploit Maturity
medium severity Directory Traversal
SNYK-JS-SUPABASEAUTHJS-10255365		 94 No Known Exploit
Release notes
Package name: @nuxt/ui
  • 3.1.2 - 2025-05-15

    🚀 Features

    🐛 Bug Fixes

    • Badge/Button: handle zero value in label correctly (#4108) (f244d15)
    • ButtonGroup: add z-index on focused element (204953b)
    • Calendar: wrong color for today date with neutral color (7d51a9e), closes #4084 #3629
    • Checkbox/RadioGroup: render correct element without variant (f2fd778), closes #3998
    • CheckboxGroup: relative UCheckbox import (7551a85), closes #4090
    • ColorPicker: make thumb touch draggable (#4101) (cc20a26)
    • components: class should have priority over ui prop (e6e510b)
    • FormField: block form field injection after use (#4150) (d79da9d)
    • FormField: use div for error and help slots (459a041)
    • inertia: link always render as anchor tag (#3989) (e81464a)
    • inertia: make useAppConfig reactive (12303a8)
    • Input/Textarea: handle generic types (3c8d6cd), closes nuxt/ui-pro#887
    • InputNumber: handle inside button group (2e4c308), closes #4155
    • Link: consistent behavior between nuxt, vue and inertia (#4134) (67da90a)
    • module: configure @ nuxt/fonts with default weights (276268d)
    • NavigationMenu: arrow position conflict (#4137) (0dc4678)
    • Select: support more primitive types in value field (#4105) (09b4699)
    • Slider: handle generic types (d7a4d02)
    • Stepper: use div tag for title & description (a57844e), closes #4096
    • Tabs: prevent trigger truncate without parent width (06e5689), closes #4056
    • Tabs: set focus:outline-none with link variant (999a0f8)
    • templates: dont write unused variants in theme files (d3df3bb)
    • Toaster: allow base slot override (c63d2f3)
    • vue: make useAppConfig reactive (869c070), closes #3952

    🌐 Locales

    👋 New Contributors

    Full Changelog: v3.1.1...v3.1.2

  • 3.1.1 - 2025-05-02

    🚀 Features

    • useOverlay: add closeAll method (#3984) (ac4c194)
    • useOverlay: add isOpen method to check overlay state (#4041) (a4f3f6d)

    🐛 Bug Fixes

    • Calendar: add place-items-center to grid row (#4034) (8dfdd63)
    • defineShortcuts: bring back meta to ctrl convert on non macos platforms (f3b8b17), closes #3869 #3318
    • module: support nuxt-nightly (#3996) (bc0a296)
    • NavigationMenu: remove sm:w-auto from content slot (aebf0b3), closes #3987
    • RadioGroup: improve items value field type (#3995) (195773e)
    • templates: put back args to watch in dev (#4033) (c5bdec0)
    • theme: add missing border-bg / divide-bg utilities (82b5f32)
    • theme: add missing ring-offset-* utilities (#3992) (e5df026)
    • theme: define default shades for named tailwindcss colors (8acf3c5), closes #3977
    • theme: improve app config types for ui object (591d59f), closes #3579
    • theme: use @ theme inline to properly reference css variables (6131871), closes #4018
    • useOverlay: improve types and docs (#4012) (39e29fc)

    👋 New Contributors

    Full Changelog: v3.1.0...v3.1.1

  • 3.1.0 - 2025-04-24

    ✨ Highlights

    🎨 Improved Utility Classes

    We've enhanced the utility class system to make it more intuitive and easier to use. While CSS variables provided flexibility, writing classes like text-(--ui-text-muted) proved cumbersome. We've introduced three major improvements:

    • Default Color Shades (#3916): New utility classes for default color shades that automatically map to our design system variables. These shades automatically adapt to your color scheme and can be configured for both light and dark modes: https://ui.nuxt.com/getting-started/theme#colors
    - <div class="text-(--ui-primary)">
    + <div class="text-primary">

- <div class="bg-(--ui-error)">
+ <div class="bg-error">

  • Neutral Color Utilities (#3629): New utility classes for text, background, border, ring, divide and outline colors that map to our design system variables. These utilities work with opacity modifiers and automatically adapt to your color mode: https://ui.nuxt.com/getting-started/theme#neutral
- <div class="text-(--ui-text-muted)">
+ <div class="text-muted">

- <div class="border-(--ui-border)">
+ <div class="border-default">

- <div class="bg-(--ui-bg-elevated)/50">
+ <div class="bg-elevated/50">

- <div class="rounded-(--ui-radius)">
+ <div class="rounded-sm">

- <div class="rounded-[calc(var(--ui-radius)*1.5)]">
+ <div class="rounded-md">

- <div class="rounded-[calc(var(--ui-radius)*2)]">
+ <div class="rounded-lg">

These changes are fully backward compatible - existing CSS variable-based classes will continue to work while providing a more ergonomic alternative for new code.

🧩 New Components and Features

script setup lang="ts">
import type { CheckboxGroupItem, CheckboxGroupValue } from '@ nuxt/ui'

const items = ref<CheckboxGroupItem[]>(['System', 'Light', 'Dark'])
const value = ref<CheckboxGroupValue[]>(['System'])
</script>

<template>
<UCheckboxGroup v-model="value" :items="items" />
</template>

script setup lang="ts">
import type { RadioGroupItem, RadioGroupValue } from '@ nuxt/ui'

const items = ref<RadioGroupItem[]>(['System', 'Light', 'Dark'])
const value = ref<RadioGroupValue>('System')
</script>

<template>
<URadioGroup v-model="value" variant="table" :items="items" />
</template>

🌉 Inertia.js Integration

The Vue version now includes built-in support for Inertia.js. Enable it with the inertia: true option in your vite.config.ts:

import { defineConfig } from 'vite'
import vue from '@ vitejs/plugin-vue'
import ui from '@ nuxt/ui/vite'

export default defineConfig({
plugins: [
vue(),
ui({
inertia: true
})
]
})

This automatically replaces RouterLink with InertiaLink in all components, providing seamless integration with your Inertia.js applications: https://ui.nuxt.com/getting-started/installation/vue#inertia

⚡ Module Builder Update

The module has been updated to use nuxt/module-builder@1.0.0, bringing improved build performance and better TypeScript support.

Following this change, we've refactored how component types are handled which brings full HMR support with app.config.ts changes, this was only working when reloading the page previously.

🚨 Breaking Changes

  • OverlayProvider: return an overlay instance from .open() (#3829) (f3098df)

This PR changes .open() to return an overlay instance with a result promise property instead of returning the promise directly, providing more flexibility:

- const result = await modal.open({ count: count.value })
+ const instance = modal.open({ count: count.value })
+ const result = await instance.result
</script>

🚀 Features

  • App: add global portal prop (#3688) (29fa462)
  • Carousel: add select event (#3678) (22edfd7)
  • CheckboxGroup: new component (#3862) (9c3d53a)
  • components: add new content-top and content-bottom slots (#3886) (1a46394)
  • Form: add attach prop to opt-out of nested form attachement (#3939) (1a0d7a3)
  • Form: export loading state (#3861) (fdee252)
  • InputMenu/SelectMenu: handle resetSearchTermOnSelect (cea881a), closes #3782
  • InputNumber: add support for stepSnapping & disableWheelChange props (#3731) (f5e6284)
  • Modal/Popover/Slideover: add close:prevent event (#3958) (f486423)
  • module: define default color shades (#3916) (7ac7aa9)
  • module: define neutral utilities (#3629) (d49e0da)
  • module: dynamic rounded-* utilities (#3906) (f9737c8)
  • OverlayProvider: return an overlay instance from .open() (#3829) (f3098df)
  • PinInput: add autofocus / autofocus-delay props (0456670), closes #3717
  • RadioGroup: add card and table variants (#3178) (4d138ad)
  • Select: handle onSelect field in items (8640831)
  • Table: conditionally apply classes to tr and td (#3866) (80dfa88)
  • Tabs: add list-leading and list-trailing slots (#3837) (3447a06)
  • Textarea: add autoresize-delay prop (06414d3), closes #3730
  • Textarea: add icon, loading, etc. props to match Input (cb193f1)
  • Textarea: add resize-none class with autoresize prop (ffafd81)
  • unplugin: routing support for inertia (#3845) (d059efc)

🐛 Bug Fixes

  • Accordion: use div instead of h3 for header tag (75e4792), closes #3963
  • Alert/Toast: display actions when using slots (5086363), closes #3950
  • Carousel: move arrows inside container on mobile (d339dcb), closes #3813
  • CommandPalette: consistent alignement with other components (d25265c)
  • CommandPalette: increase input font size to avoid zoom (d227a10)
  • CommandPalette: prevent hover background on disabled items (ba534f1)
  • components: refactor types after @ nuxt/module-builder upgrade (#3855) (39c861a)
  • components: respect transform-origin in popper content (#3919) (01d8dc7)
  • ContextMenu/DropdownMenu: handle RTL mode (#3744) (1ae5cc0)
  • ContextMenuContent/DropdownMenuContent: remove unwanted any (#3741) (97274f1)
  • Form: input and output type inference (#3938) (f429498)
  • Form: loses focus on submit (#3796) (8e78eb1)
  • InputMenu/SelectMenu: correctly call onSelect events (#3735) (f25fed5)
  • InputMenu/SelectMenu: prevent disabled items to be selected (8435a0f), closes #3474
  • InputMenu/SelectMenu: remove valueKey string case (9ca213b), closes #3949 #3331
  • InputMenu/SelectMenu: support arbitrary value (#3779) (52a97e2)
  • InputMenu: emit change on multiple item removal (9d2fed1), closes #3756
  • Link: proxy download property (#3879) (47cdc2e)
  • NavigationMenu: add sm:w-auto content slot (abe0859), closes #3788
  • Skeleton: improve accessibility (#3613) (3484832)
  • Stepper: ui prop override on icon and content slots (1d45980), closes #3785
  • Table: improve data reactivity (#3967) (6e27304)
  • Table: pass header colspan to th (#3926) (122e8ac)
  • Tree: simplify reusable template types (#3836) (3deed4c)
  • types: allow color identifiers with dashes (#3896) (e5a1e26)
  • types: handle ClassValue in ui prop (eea1415), closes #3860
  • types: improve dynamic slots (#3857) (8dd9d08)
  • usePortal: adjust portal target resolution logic (#3954) (db11db6)
  • vite: vitest skipping nuxt imports transformations (#3925) (c31bffa)

🌐 Locales

👋 New Contributors

@snyk-bot
feat: upgrade @nuxt/ui from 2.22.0 to 3.1.2
a4eaca3 
Snyk has created this PR to upgrade @nuxt/ui from 2.22.0 to 3.1.2.

See this package in npm:
@nuxt/ui

See this project in Snyk:
https://app.snyk.io/org/nerds-github/project/ef708957-d107-4807-bb9b-ffb67ea15337?utm_source=github&utm_medium=referral&page=upgrade-pr
@sourcery-ai Sourcery AI
Copy link

sourcery-ai bot commented Jun 10, 2025
edited
Loading

Reviewer's Guide

This PR upgrades the @nuxt/ui devDependency from v2.x to v3.x by updating the version string in dashboard/package.json, aligning the project with the latest Nuxt UI release and its security fixes.

Class Diagram: @nuxt/ui Upgrade and Key Component Changes

classDiagram
  class dashboard_package_json {
    "@nuxt/ui (devDependency)": "2.22.0  ->  3.1.2"
  }

  class NuxtUI_Library {
    <<@nuxt/ui>>
    +version: "3.1.2"
    +securityFixes: "Includes SNYK-JS-SUPABASEAUTHJS-10255365"
  }
  dashboard_package_json ..> NuxtUI_Library : "uses updated"

  NuxtUI_Library "1" *-- "*" UCheckboxGroup : provides
  NuxtUI_Library "1" *-- "*" URadioGroup : provides
  NuxtUI_Library "1" *-- "*" OverlayProvider : provides
  NuxtUI_Library "1" *-- "*" UBadge : provides
  NuxtUI_Library "1" *-- "*" UInputNumber : provides
  NuxtUI_Library "1" *-- "*" UNavigationMenu : provides
  NuxtUI_Library "1" *-- "*" UToast : provides

  class UCheckboxGroup {
    <<New Component in v3.x>>
    +String variant
    +Array items
    +Array modelValue
  }

  class URadioGroup {
    <<Enhanced in v3.x>>
    +String variant
  }

  class OverlayProvider {
    <<API Breaking Change in v3.x>>
    +OverlayInstance open(options)
  }
  class OverlayInstance {
    +Promise result
  }
  OverlayProvider ..> OverlayInstance : creates

  class UBadge {
    <<Enhanced in v3.1.2>>
    +boolean square
  }

  class UInputNumber {
    <<Enhanced in v3.1.2>>
    +boolean incrementDisabled
    +boolean decrementDisabled
  }

  class UNavigationMenu {
    <<Enhanced in v3.1.2>>
    +boolean collapsible
    +Object tooltip
  }

  class UToast {
    <<Enhanced in v3.1.2>>
    +boolean progress
  }
Loading

Flow Diagram: @nuxt/ui Dependency Upgrade Impact

graph TD
    A["@nuxt/ui v2.22.0 (Current Dev Dependency)"] --> B["PR: Update dashboard/package.json"];
    B --> C["@nuxt/ui v3.1.2 (New Dev Dependency)"];
    C --> D["Project Gains Access To:"];
    D --> E["- New Components (e.g., UCheckboxGroup)"];
    D --> F["- Enhanced Components (e.g., URadioGroup, UBadge)"];
    D --> G["- API Changes (e.g., OverlayProvider.open())"];
    D --> H["- Numerous Bug Fixes"];
    D --> I["- Security Patch (SNYK-JS-SUPABASEAUTHJS-10255365)"];
    J(["Improved Project Security, Stability & Modern UI Capabilities"]);
    E --> J;
    F --> J;
    G --> J;
    H --> J;
    I --> J;
Loading

File-Level Changes

Change Details Files
Upgrade @nuxt/ui to v3.1.2
  • Bumped the @nuxt/ui version specifier from 2.15.2 to 3.1.2
 dashboard/package.json
Tips and commands

Interacting with Sourcery

  • Trigger a new review: Comment @sourcery-ai review on the pull request.
  • Continue discussions: Reply directly to Sourcery's review comments.
  • Generate a GitHub issue from a review comment: Ask Sourcery to create an
    issue from a review comment by replying to it. You can also reply to a
    review comment with @sourcery-ai issue to create an issue from it.
  • Generate a pull request title: Write @sourcery-ai anywhere in the pull
    request title to generate a title at any time. You can also comment
    @sourcery-ai title on the pull request to (re-)generate the title at any time.
  • Generate a pull request summary: Write @sourcery-ai summary anywhere in
    the pull request body to generate a PR summary at any time exactly where you
    want it. You can also comment @sourcery-ai summary on the pull request to
    (re-)generate the summary at any time.
  • Generate reviewer's guide: Comment @sourcery-ai guide on the pull
    request to (re-)generate the reviewer's guide at any time.
  • Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
    pull request to resolve all Sourcery comments. Useful if you've already
    addressed all the comments and don't want to see them anymore.
  • Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
    request to dismiss all existing Sourcery reviews. Especially useful if you
    want to start fresh with a new review - don't forget to comment
    @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

  • Enable or disable review features such as the Sourcery-generated pull request
    summary, the reviewer's guide, and others.
  • Change the review language.
  • Add, remove or edit custom review instructions.
  • Adjust other review settings.

Getting Help

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@nerdy-tech-com-gitub @snyk-bot